author | Matt Caswell <matt@openssl.org> | 2020-05-01 17:41:25 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2020-06-05 10:31:06 +0100 |
commit | 263ff2c9d4c88f19133d21d9956d71edd7401d54 (patch) | |
tree | 167ce57291d3476481ad230703bde7dcd1ef8f83 /ssl/ssl_local.h | |
parent | eca471391378139f76a7d1229b6a5a1dcc4b5603 (diff) |
Check that Signature Algorithms are available before using them
We should confirm that Signature Algorithms are actually available
through the loaded providers before we offer or select them.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11834)
Diffstat (limited to 'ssl/ssl_local.h')
-rw-r--r-- | ssl/ssl_local.h | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h
index 5e2379c093..d2e8e23e23 100644
--- a/ssl/ssl_local.h
+++ b/ssl/ssl_local.h
@@ -1157,6 +1157,9 @@ struct ssl_ctx_st {
 const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX];
 const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX];
 size_t ssl_mac_secret_size[SSL_MD_NUM_IDX];
+
+ /* Cache of all sigalgs we know and whether they are available or not */
+ struct sigalg_lookup_st *sigalg_lookup_cache;
 };
 typedef struct cert_pkey_st CERT_PKEY;
@@ -1776,6 +1779,8 @@ typedef struct sigalg_lookup_st {
 int sigandhash;
 /* Required public key curve (ECDSA only) */
 int curve;
+ /* Whether this signature algorithm is actually available for use */
+ int enabled;
 } SIGALG_LOOKUP;
 typedef struct tls_group_info_st {
@@ -2432,6 +2437,7 @@ __owur STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
 __owur int ssl_x509err2alert(int type);
 void ssl_sort_cipher_list(void);
 int ssl_load_ciphers(SSL_CTX *ctx);
+__owur int ssl_setup_sig_algs(SSL_CTX *ctx);
 __owur int ssl_fill_hello_random(SSL *s, int server, unsigned char *field, size_t len, DOWNGRADE dgrd);
 __owur int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen, |
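Review bot: The comment on `sigalg_lookup_cache` in `struct ssl_ctx_st` does not say who owns the cache, how many entries it holds, or when it is filled in. This view is limited to ssl/ssl_local.h, so the allocation and free sites are not visible; presumably `ssl_setup_sig_algs()` builds it and the SSL_CTX teardown releases it, which should be confirmed. If availability is recorded once per context, providers loaded or unloaded afterwards would not be reflected, and that is worth stating because the flag decides which algorithms are offered or selected. I would extend the comment to something like `/* Per-ctx array of all known sigalgs and their availability at ctx setup; owned by the SSL_CTX */`.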
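Review bot: The new `enabled` member of `SIGALG_LOOKUP` is appended to a struct that may also have static initialisers elsewhere in the tree, and a member left out of an initialiser is zero, so it reads as "not available". That default fails closed, but only if every lookup path takes its entries from the per-context cache and checks `enabled`. A path still reading a static table would either reject everything or ignore the flag, and neither case is visible in this file-limited diff. The comment could record the contract: `/* Non-zero if available through the loaded providers; only meaningful in the per-ctx cache */`.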